公开(公告)号：US20210320817A1

公开(公告)日：2021-10-14

申请号：US16848647

申请日：2020-04-14

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Sivakumar Ganapathy ,  Shashank Chaturvedi ,  Suresh Pasupula ,  Prashanth Matety ,  Sachin Gupta

IPC: H04L12/46 ,  H04L29/08 ,  H04L29/12

Abstract: Techniques and architecture for routing data packets through networks that include TGWs. A data packet may be received from a TGW at an infra VPC. A TGW attachment on which the data packet was received is determined. Based at least in part on the TGW attachment, the data packet is routed to a CSR at the infra VPC. Load balancing may be achieved by defining VRF groups that include VPCs and the TGWs. Each VRF group may be assigned to an interface of one or more CSRs. Also, the VRF groups allow for supporting overlapping subnets.

公开(公告)号：US20220385498A1

公开(公告)日：2022-12-01

申请号：US17335887

申请日：2021-06-01

Applicant: Cisco Technology, Inc.

Inventor： Rajagopalan Janakiraman ,  Arun Saha ,  Sivakumar Ganapathy ,  Jose Carlos Recuero Arias ,  Sapan Shah ,  Shashank Chaturvedi

IPC: H04L12/46 ,  H04L12/24 ,  H04L29/08

Abstract: Techniques are described for dynamically establishing and scaling IPSec tunnels to connect hundreds of sites of a network by making use of the user intent of connecting certain applications for applying security policies and translating it dynamically based on the location and needs of the workloads to set up the network on demand. The techniques involve a tight loop between the network controller of a site (e.g., a cloud Application Policy Infrastructure Controller) and the inter-site or multi-cloud inter-connect controller, stitched through services that enable security and network automation at scale. In particular, to control the number of IPSec tunnels, IPSec tunnels are established only when required. Additionally, IPSec tunnels may be eliminated when no longer required. Thus, resources of a network may be used in a measured way that is necessary and sufficient to meet network traffic demand.

公开(公告)号：US11082258B1

公开(公告)日：2021-08-03

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: G06F15/177 ,  H04L12/46 ,  H04L12/741 ,  H04L29/06

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.

公开(公告)号：US20210218598A1

公开(公告)日：2021-07-15

申请号：US16742604

申请日：2020-01-14

Applicant: Cisco Technology, Inc.

Inventor： Sivakumar Ganapathy ,  Rajagopalan Janakiraman ,  Suresh Pasupula ,  Sachin Gupta ,  Shashank Chaturvedi ,  Prashanth Matety

IPC: H04L12/46 ,  H04L29/06 ,  H04L12/741

Abstract: Techniques for maintaining isolation and segregation for network paths through multi-cloud fabrics using VRF technologies. The techniques include running virtual routers in a cloud network that connect the cloud network to an on-premises network using a network overlay that preserves VRF information in data packets. Further, the virtual routers connect to individual gateways in the cloud network using tunnels, and each individual gateway is connected to multiple VPCs without overlapping subnets. The virtual routers may assign a sink VRF to each gateway connection that can be used to perform source-IP based VRF selection by mapping source IP addresses in each tunnel connection to appropriate VRFs for the source IP addresses. In this way, virtual routers may use sink VRFs to translate into the VRF information for data packets from the VPCs via source-IP based lookup, and use the corresponding VRF route table to determine next hops for data packets.